VPN (Virtual Private Network) connection

C&CZ manages a VPN server, which makes it possible for all users to gain secure access to the network with their Science username and password. The computer at home (or anywhere on the Internet) becomes part of the campus network. In this way users can get access to services that are normally only accessible from computers on campus. The most common of such services are connecting to disk shares or to special servers.

As of November 2015, there is a new VPN, based on IPsec. We intend to have all users moved over to the new VPN before December 1, 2016 and then terminate the old VPN based on PPTP.

The instructions below to install the VPN will be expanded by C&CZ and probably also by employees/students.

General: VPN-server/gateway: vpnsec.science.ru.nl

Per device or Operating system:

Ubuntu 16.04: If you are currently using vpnsec.science.ru.nl, please do not upgrade to Ubuntu 16.04. There is a known bug people are trying to fix, see msg4923789. A work around currently exists, requiring some manual configuration. See: VPNsec Linux installation and configuration. Or use the OpenVPN service.

Windows7/8/8.1/10: Just add a *new* VPN with server vpnsec.science.ru.nl, that's all. No special configuration needed.

Android: Install the strongSwan app with "IKEv2 EAP (Username/Password)". NB: some special characters in the password should be escaped using a "\"

iOS (iPhone/iPad): Download and install vpnsec.mobileconfig to your iPhone/iPad. Tested on iPad with iOS 9, according to documentation iOS 8 should work too, but is yet untested.

Our Vpn Service has a reconnect problem that appeared during the upgrade of the Campus firewall. After a disconnect you have to wait ca 15 minutes before being able to reconnect. This is being investigated by the central ICT department.

OpenVPN for Linux & MacOS

For MacOS and Linux users that have trouble getting VPNsec working on their systems, C&CZ provides an OpenVPN service.

Setting up OpenVPN on Linux

Make sure you have the openvpn package installed. For Debian based distributions (like Ubuntu), run:

Starting OpenVPN on Linux

You'll be asked for your science login name and password.
Hit Control+C to terminate the OpenVPN connection.

SSH SOCKS-Proxy to access journals (linux)

There is a convenient alternative to VPN or the UB proxy website described above
to access online journals from anywhere. With SSH
one can start a so called SOCKS Proxy-server, which can be used by web-browsers.

If your Science username (e.g. "peter") is different on your local username use:

ssh -D 8942

The -D flag starts "dynamic" application-level portforwarding. The port number
(here 8942) can be any number above 1024 and below 65536. If a port is already
in use by another process try a different number.

Chromium and Google Chrome can be called from the command line with the proxyserver option:

chromium-browser --proxyserver="socks5://localhost:8942"

If you now go to a journal website i.e., J. Chem. Phys.,
you should see "Your access is provided by: Universiteitsbibliotheek" and
you should have the same access as from within the Radboud University domain.

Run ssh in the background

With these flags:

ssh -f -N -D port

ssh will run in the background (-f) and only setup the
proxy server but not actually logon (-N).

Troubleshooting

The "netstat" command may be used to troubleshoot problems:

netstat -at

will show all active and non-active tcp sockets. In the above example you should
see something like: